关键词: 物联网设备固件, 一分类支持向量机（OCSVM）, 假设检验, 层次化, 异常分析

Abstract: The bottom layer of the Internet of Things（IoT） usually contains a large number of sensing terminals, which are the foundation of IoT application and services. However, due to the limitation on resources such as computing, storage and transmission bandwidth, it is very limited to be available when the sensing device firmware program runs. As a result, when these devices are abnormal, relevant personnel often lack sufficient means to analyze them. To solve the above problem, a Hierarchical Anomaly Analysis（HA2） technology for IoT sensing device firmware is proposed. The method is based on the static structure and dynamic track characteristics of the IoT sensor node program. With the help of OCSVM and statistical inference methods, it can realize the anomaly detection at three levels, including interval, task and function, and generate the corresponding anomaly analysis report. Experiments show that compared with the existing methods, the proposed method has less storage and operation cost in collecting the characteristics of anomaly analysis. At the same time, the analysis of defects in open source database shows that the analysis report of HA2 can greatly reduce the scope of anomaly analysis and provide effective help for users to analyze and fix the anomalies.

Key words: IoT device firmware, One-Class Support Vector Machine（OCSVM）, hypothesis testing, hierarchical, anomaly analysis